FirstBlood-#204 — Info leak that leads to non admin login
This issue was discovered on FirstBlood v1.0.0
On 2021-05-12, d20s84 Level 3 reported:
Summary : Private code(invite key) is readily available in reddit forum that can be used with availabe doctor names in order to login credentials .
- Open the reddit link to obtain the private key : https://www.reddit.com/r/BugBountyHunter/comments/n4xzw1/firstbloodhackerscom_doctor_registration/
- Browse to the endpoint : /doctors.html to obtain doctor's name. They can be used as usernames .
- feed the credentials to /register.php. Boom !!! The login credentials to non administrative accounts are provided.
FirstBlood ID: 15
Vulnerability Type: Auth issues
A doctors invite code is leaked on the internet which if used grants anyone access to the doctor portal. The invite code should expire after use.